NPM Plus

Provides AI-powered JavaScript package management with search, installation, analysis, and security tooling.
  • typescript

6

GitHub Stars

typescript

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs

NPM Plus MCP Server provides AI-powered package management for JavaScript. It lets you search, inspect, install, update, and analyze dependencies with built-in security checks, bundle insights, and AI-assisted workflows across editors and IDEs.

How to use

You interact with the MCP server through your preferred MCP client (hosted or self-hosted). Start by pointing your client at the MCP URL and then issue natural language prompts like “search for React libraries,” “install lodash as a dev dependency,” or “show bundle size impact before adding moment.js.” The tools will guide you to perform package discovery, installation, analysis, and maintenance tasks with automatic retries and helpful error messages.

How to install

Prerequisites: you need Node.js installed on your machine. Optionally, have npm or npx available depending on your chosen setup.

# 1) Hosted (recommended in many cases): simply configure your MCP client to point at the remote MCP URL
# 2) Self-hosted using npx (recommended for local development)
# 3) Self-hosted using node (local dist/index.js)

HTTP MCP configuration (Hosted Service)

{
  "mcpServers": {
    "npmplus-mcp": {
      "transport": "http",
      "url": "https://api.npmplus.dev/mcp",
      "args": []
    }
  }
}

Self-hosted with NPX (Remote server control via NPX)

{
  "mcp": {
    "servers": {
      "npmplus-mcp": {
        "command": "npx",
        "args": ["-y", "npmplus-mcp-server"]
      }
    }
  }
}

Self-hosted with local Node runtime

{
  "mcpServers": {
    "npmplus-mcp": {
      "command": "node",
      "args": ["./dist/index.js"],
      "cwd": "./",
      "disabled": false
    }
  }
}

Notes on deployment

If you are deploying to production, use the local development flow for testing and then follow your deployment pipeline to run in production. The hosted URL remains the same for clients configured to the remote MCP.

Security and access

MCP servers run with your local permissions. Do not expose the MCP endpoint publicly without appropriate access controls. Review configuration before enabling servers and use trusted sources only.

Troubleshooting

If you encounter issues, try these steps in order: check server status, restart the MCP client, review logs for the [npmplus-mcp] tag, and adjust timeouts if you see slow responses. For specific problems with npm idealTree or vulnerability checks, use the dedicated tool blocks to retry operations or gather diagnostics.

Self-hosting quick-start

To run locally from source, you can build and start the server as follows.

git clone https://github.com/shacharsol/js-package-manager-mcp.git
cd js-package-manager-mcp
npm install
npm run build
npm start

Analytics (optional)

Analytics can be enabled to gain visibility into tool usage and performance in self-hosted deployments. Enable analytics by setting environment variables.

# Enable analytics logging (example)
ENABLE_ANALYTICS=true
ANALYTICS_SALT=your-random-salt

Testing & validation

Run validation commands to ensure health and features work as expected. Use the available test targets to perform deployment checks, unit tests, and development mode runs.

Version and updates

To update a self-hosted server, install the latest package and restart the service. If you are using a hosted MCP URL, updates are managed by the hosting provider.

Available tools

search_packages

Search npm registry with intelligent scoring to find packages by functionality and metadata.

package_info

Retrieve comprehensive metadata for a package, including keywords and maintainers.

check_bundle_size

Analyze the bundle size impact before installation to help optimize dependencies.

download_stats

View download statistics and trends for packages.

check_license

Inspect package licenses to support compliance.

dependency_tree

Visualize dependency relationships and detect circular dependencies.

list_licenses

List all licenses used in the project for compliance review.

audit_dependencies

Security vulnerability scanning across dependencies.

analyze_dependencies

Detect circular dependencies and orphaned packages in the graph.

check_outdated

Identify outdated packages and suggested updates.

clean_cache

Clear the package manager cache to recover from transient errors.

check_vulnerability

Check specific package vulnerabilities with targeted queries.

install_packages

Install packages with intelligent retry logic and support for dev/global scopes.

update_packages

Update packages to their latest compatible versions.

remove_packages

Remove packages cleanly from the project.

debug_version

Query server version and status for troubleshooting.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational